Re: syslog-ng+ELK

[Predrag Punosevac]

Michael Shirk wrote:

> On May 23, 2015 10:42, "Predrag Punosevac" 
> wrote:
> >
> > 5. Finally I am open for simpler ideas. Any opinions on
> sysutils/logfmon
> > Is it possible to visualize on the web output from logfmon?
> >
> > Best,
> > Predrag Punosevac
> >
> 
> There is another aspect to log analysis tools that bothers me the most,
> why
> must we risk system security to review log files?
> 
> Any of the tools that "work well" open you up to web vulnerabilities, or
> cost money in the case of Splunk. I have not had time to work on it, but
> I
> would like to create a tool that avoids all of the issues of running a
> web
> service or requiring java.
> 
> My interest is in UNIX system logs and IDS/IPS events, with full packet
> captures. The simplest form I have used is with automated processing of
> IDS
> events, firewall logs, and full pcap data as static files shared on a
> webserver. I would be interested in a CLI log viewer with ncurses, or
> scripted output (maybe using pipecut to process data as you search for
> what
> you want in the simplest UNIX way).
> 
> --
> Michael Shirk
> Daemon Security, Inc.
> http://www.daemon-security.com


I am resurrecting this old thread I started almost a year ago in an
attempt to learn how other OpenBSD users are managing their centralized
logging servers. I also wanted to revisit the issues raised by 
Mr. Shirk. 

Namely the problem I am trying to solve seems very common. I am running
centralized logging server (syslog-ng) an OpenBSD host. This server
receives log files from my heterogeneous network consisting of OpenBSD
machines (running syslogd) Red Hat machines (rsyslog), and FreeBSD
machines running FreeBSD version of syslogd. I noticed that sending log
files generates lots of traffic on my monitoring server in part due to
the fact that I am recording lots of noise like

last message repeated 10 times

Next problem is properly rotating, archiving, and deleting monthly
directories containing log files of all my servers. For example
directory

/var/log/syslog-ng/HOSTS/2016-05

contains log files of all my servers for this month. That is not too
useful. Storing them per day would be probably better but having fewer
log files just for important things would be even better.

Log files are useless unless some kind analytics is run on them.
I would like to be able to do real time monitoring for anomalies using a
daemon for. The following seems obvious anomalies:

1 . SMART errors (I am big data/machine learning guy so I want to
replace failed HDD in timely fashion) even though SMART deamon is
sending separate e-mail

2. failing hardware (sensors, IPMI, mcelog)

3. firewall logs

4. IDS/IPS events 



A daemon should be able to send me an e-mail every couple of hours
containing as little noise as possible.

So far I have found in ports the following daemons:

1. security/logsurfer (package exists only for i386 and I use amd64)

2. sysutils/logfmon (From looking at /etc/logfmon.conf it looks like it
is written to monitor log files on the single OpenBSD machine running
syslogd. I don't see how I could monitor entire syslog-ng directories)

3. I noticed that syslog daemons do not work very well as SQL databases
as a storage backends. For example LibreNMS has the interface for
displaying and searching (manually which makes it useless) syslog files.
But MariaDB has to be restarted quite frequently and on the top of it.

4. I am not sure what to think of ELK anymore. The more I learn the less
i like it.

5. Finally I stumbled upon echofish 

https://echothrust.github.io/echofish/

which seems to be repeating old pattern. Using SQL database as a backend
and providing UI for searching messages (I can do that using grep) but
no e-mail notification when troubles are found.


What am I missing here? How do people monitor their log files in the
real time. That would seems such an obvious topic for people who care
about security. 

Predrag

Yo, all yous Developers

[Duncan Patton a Campbell]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256


I've just moved an application (written in gprolog) from OBSD_i386 4.1 to 5.9.  
I needed to recompile things, and some of the periferal glue (sudo, nsupdate...)
needed to be added from packages, but so far as I can tell it all works.  All
told it took me a day. 

So, my congradulations and thanks.

Dhu

- -- 
"Je suis Canadien.  Ce n'est pas Francais ou Anglaise.  C'est une esp`ece de 
sauvage"

http://babayaga.neotext.ca/PublicKeys/Duncan_Patton_a_Campbell_pubkey.txt

Ne obliviscaris, vix ea nostra voco.
iF4EAREIAAYFAlctRFEACgkQiY6AzzR1lzyhLgD+I+aPJLfFUA8C9U/XzzRvMc5c
QeeX/jR8k1vRUSBs1JEA/0JELBXHDq+1DE0N1cj5h7BZKuJwA0Xl7H1rH8z46Hvc
=+fvw
-END PGP SIGNATURE-

Re: Dell XPS13 9333 Touchpad doesn't work

[Ulf Brosziewski]

Hi, it might be that you are out of luck with your hardware. If
I'm not mistaken, it has a Cypress touchpad, which isn't supported.

On 05/06/2016 05:16 AM, Gabriel Guzman wrote:
> Hello misc@
> 
> I have a Dell XPS 13 9333 that I recently installed OpenBSD on.  For the
> most part everything runs great.  WiFi, suspend resume, everything.  The
> laptop has both a touchscreen and a touchpad.  The touchscreen works
> just fine, I can use it as a pointing device w/out problems.  The
> touchpad however doesn't seem to be recognized by the system.  I'm not
> sure if it's user error or some hardware that's not recognized.  dmesg
> and other output included below.  Anyone have any idea what I might be
> able to try to get this working?  Plugging in an external mouse also
> works just fine.   
> 
> Thanks, 
> gabe. 
> 
> 
> OpenBSD 5.9-current (GENERIC.MP) #2002: Sun May  1 06:35:58 MDT 2016
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 8474284032 (8081MB)
> avail mem = 8212860928 (7832MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe0fc0 (69 entries)
> bios0: vendor Dell Inc. version "A06" date 11/07/2014
> bios0: Dell Inc. XPS13 9333
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S1 S3 S4 S5
> acpi0: tables DSDT FACP ASF! HPET LPIT APIC MCFG SSDT SSDT SSDT SSDT SSDT 
> UEFI POAT BATB FPDT SLIC UEFI SSDT BGRT CSRT
> acpi0: wakeup devices P0P1(S4) GLAN(S4) EHC1(S4) EHC2(S4) XHC_(S4) HDEF(S4) 
> TPD4(S4) TPD7(S0) TPD8(S0) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) 
> RP03(S4) PXSX(S4) [...]
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpihpet0 at acpi0: 14318179 Hz
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz, 1596.56 MHz
> cpu0: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
> cpu0: 256KB 64b/line 8-way L2 cache
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
> cpu0: apic clock running at 99MHz
> cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
> cpu1 at mainbus0: apid 1 (application processor)
> cpu1: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz, 1596.31 MHz
> cpu1: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
> cpu1: 256KB 64b/line 8-way L2 cache
> cpu1: smt 1, core 0, package 0
> cpu2 at mainbus0: apid 2 (application processor)
> cpu2: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz, 1596.31 MHz
> cpu2: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
> cpu2: 256KB 64b/line 8-way L2 cache
> cpu2: smt 0, core 1, package 0
> cpu3 at mainbus0: apid 3 (application processor)
> cpu3: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz, 1596.31 MHz
> cpu3: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
> cpu3: 256KB 64b/line 8-way L2 cache
> cpu3: smt 1, core 1, package 0
> ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins
> acpimcfg0 at acpi0 addr 0xf800, bus 0-63
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus -1 (P0P1)
> acpiprt2 at acpi0: bus 1 (RP01)
> acpiprt3 at acpi0: bus 2 (RP03)
> acpiprt4 at acpi0: bus -1 (PEG0)
> acpiprt5 at acpi0: bus -1 (PEG1)
> acpiprt6 at acpi0: bus -1 (PEG2)
> acpiec0 at acpi0
> acpicpu0 at acpi0: C3(200@332 mwait.1@0x50), C2(200@148 mwait.1@0x33), 
> C1(1000@1 mwait.1), PSS
> acpicpu1 at acpi0: C3(200@332 mwait.1@0x50), C2(200@148 mwait.1@0x33), 
> C1(1000@1 mwait.1), PSS
> acpicpu2 at acpi0: C3(200@332 mwait.1@0x50), C2(200@148 mwait.1@0x33), 
> C1(1000@1 mwait.1), PSS
> acpicpu3 at acpi0: C3(200@332 mwait.1@0x50), C2(200@148 mwait.1@0x33), 
> C1(1000@1 mwait.1), PSS
> acpitz0 at acpi0: critical temperature is 105 degC
> acpitz1 at acpi0: critical temperature is 105 degC
> "PNP0C14" at acpi0 not configured
> "INT3F0D" at 

Re: Creative USB Headset on 5.9

[Jakob Gillich]

On Fri, May 6, 2016, at 11:01 PM, joekiser wrote:
> 
> Is this plugged into a USB 2 port?
> 
> Joe

No, it was plugged into a USB3 port, it works fine over USB 2! I assume
that is a driver limitation? And any idea if it's possible to switch
audio devices in xfce4-mixer? It still doesn't show up unfortunately.
I've added `sndiod_flags="-f rsnd/1 -f rsnd/0"` to my rc.conf.local,
which falls back to the internal speakers when the headset isn't
connected, but it would be a lot nicer if I could change it easily at
runtime through the mixer.

Thanks!

Jakob

Re: Creative USB Headset on 5.9

[joekiser]

On Fri, May 6, 2016, at 15:16, Jakob Gillich wrote:
> I'm pretty new to OpenBSD in general, and recently installed 5.9. Now
> I'm wondering if it's possible to get my USB headset working. According
> to dmesg, a audio1 device gets created:
> 
[snip]
> 
> Does this mean it's not supported, or is there anything else I could
> try?
> 

Is this plugged into a USB 2 port?

Joe

Creative USB Headset on 5.9

[Jakob Gillich]

I'm pretty new to OpenBSD in general, and recently installed 5.9. Now
I'm wondering if it's possible to get my USB headset working. According
to dmesg, a audio1 device gets created:

uaudio0 at uhub0 port 4 configuration 1 interface 0 "Creative Technology
Ltd. SB Tactic(3D) Wrath Wireless" rev 1.10/1.00 addr 3
uaudio_identify_ac: skip desc type=0x04
uaudio0: audio rev 1.00, 4 mixer controls
audio1 at uaudio0
uhidev5 at uhub0 port 4 configuration 1 interface 3 "Creative Technology
Ltd. SB Tactic(3D) Wrath Wireless" rev 1.10/1.00 addr 3
uhidev5: iclass 3/0, 255 report ids
uhid9 at uhidev5 reportid 1: input=4, output=0, feature=0
ukbd3 at uhidev5 reportid 2: 4 variable keys, 1 key codes
wskbd4 at ukbd3 mux 1
wskbd4: connecting to wsdisplay0
uhid at uhidev5 not configured

But it doesn't show up in xfce4-mixer, and direct playback fails as
well:

$ cat /dev/urandom > /dev/audio1
cat: stdout: Input/output error

Does this mean it's not supported, or is there anything else I could
try?

Re: dhclient.conf and hostname.if

[Remi Locherer]

On Fri, May 06, 2016 at 06:21:00AM -0600, Duncan Patton a Campbell wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On Fri, 06 May 2016 12:06:58 +0100
> Mark Carroll  wrote:
> 
> > On 06 May 2016, Duncan Patton a. Campbell wrote:
> > 
> > > Is there any similar tag to access the addess assigned by dhcp?
> > > What other mechanisms exist to update dynamic dns assignments?
> > 
> > Could ifstated(8) help here? I've separately wondered if I ought to be
> > using it to kick pf because it otherwise doesn't realize that 'self'
> > includes the address eventually assigned by PPP.
> > 
> > -- Mark
> > 
> 
> Yes.  Looking at the man page this might be a way to do what I want.
> ...just need to sort out the macro language in man ifstated.conf ;^)

ifstated looks at the physical link of an interface. In ifconfig output
this is the line starting with status. This state does not change
when a new address is assigned to an interface.

Remi 

Re: non-wintel hardware choices

[Bryan C. Everly]

Michael,

The challenge is device drivers for the video cards.  Especially in
the PA-RISC case because there really is no documentation for them.
I've spent some time on the HP end of things and unfortunately was in
over my head pretty quickly.

Thanks,
Bryan


On Fri, May 6, 2016 at 10:54 AM, Michael Lambert  wrote:
>> On 5 May 2016, at 19:52, Bryan Everly  wrote:
>>
>> Unfortunately PA-RISC doesn't have X support at the console. You can
>> run X on it and have the Windows render on a SPARC, MIPS or Intel
>> platform though.
>
> Neither does Alpha (AXP).  Does anyone know if there are blockers in building
> xenocara on these platforms or there just isn't enough interest for anyone to
> try seriously?
>
> Thanks,
>
> Michael

Re: [patch] bgpctl more info in terse format

[Denis Fondras]

On Mon, Apr 18, 2016 at 08:09:50PM +0200, Claudio Jeker wrote:
> The idea of terse is that you don't need to parse. So in a way I agree
> with the diff. What I don't like is the inclusion of the number of
> prefixes. That count requires a roundtrip to the RDE to find and sometimes
> this takes a while. I would prefer if we could leave that out.
> 

Here is a new diff that only prints uptime.
Denis

Index: bgpctl.c
===
RCS file: /cvs/src/usr.sbin/bgpctl/bgpctl.c,v
retrieving revision 1.187
diff -u -p -r1.187 bgpctl.c
--- bgpctl.c5 Dec 2015 13:17:05 -   1.187
+++ bgpctl.c6 May 2016 18:36:10 -
@@ -584,8 +584,9 @@ show_summary_terse_msg(struct imsg *imsg
p = imsg->data;
s = fmt_peer(p->conf.descr, >conf.remote_addr,
p->conf.remote_masklen, nodescr);
-   printf("%s %s %s\n", s, log_as(p->conf.remote_as),
-   p->conf.template ? "Template" : statenames[p->state]);
+   printf("%s %s %s %llu\n", s, log_as(p->conf.remote_as),
+   p->conf.template ? "Template" : statenames[p->state],
+   (time(NULL) - p->stats.last_updown));
free(s);
break;
case IMSG_CTL_END:

[no subject]

[Alan Corey]

Re: Performance of Firefox and Chromium

> I'm not  sure what  hardware you guys  run OpenBSD on,  but on  my (old,
> crusty,  crummy, shitty)  laptop,  it  and a  lot  of Gui-requiring  and

My laptop was made in 2008, my desktop in 2002.

>  javascript heavy sites send
> javascript from many domains which is slow and insecure and probably
> increases threading a lot by it's distributed nature.

I blame a lot on Javascipt libraries like Ajax where lazy webmasters
include them to use 1% of what they stick in the page.  But yes, every
page requires 50 or so DNS lookups.  And web pages have gotten to be 3
megabytes and over.  And web servers have timeouts so lots of times I
see them time out before the pages load, I have to hit reload 5-10
times fairly often.  The OpenBSD site is fast, stupid sites like
Facebook I avoid.

-- 
Credit is the root of all evil.  - AB1JX

Re: non-wintel hardware choices

[Michael Lambert]

> On 5 May 2016, at 19:52, Bryan Everly  wrote:
>
> Unfortunately PA-RISC doesn't have X support at the console. You can
> run X on it and have the Windows render on a SPARC, MIPS or Intel
> platform though.

Neither does Alpha (AXP).  Does anyone know if there are blockers in building
xenocara on these platforms or there just isn't enough interest for anyone to
try seriously?

Thanks,

Michael

Re: non-wintel hardware choices

[Riccardo Mottola]

Hi,

Bryan Everly wrote:

Unfortunately PA-RISC doesn't have X support at the console. You can
run X on it and have the Windows render on a SPARC, MIPS or Intel
platform though.


sorry, didn't know that. I always did run my HP hardware headless... so 
I never noticed.
I always liked the CPU since University... I am sad that it morphed into 
Itanic and now drowns to oblivion.


Riccardo

Re: Short maximum interpreter length

[Theo de Raadt]

> Why is MAXINTERP in  only 128? I can think of a few:
> 
> 1. It's been that way a while and nobody's complained
> 2. If someone's shebangs are longer than that, they're probably doing 
> whatever they're doing horribly, horribly wrong
> 3. Historical compatibility
> 
> Is it one of those? If not, is it something else?

If this value gets increased, some script writers might start relying on it.

There is still rough consensus that it is "a good thing" if shell scripts
are somewhat portable.

Increasing it brings no real benefit.  Only possible downsites when high
values are abused.  I'd say that is end of the story.

Re: dhclient.conf and hostname.if

[Duncan Patton a Campbell]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, 06 May 2016 12:06:58 +0100
Mark Carroll  wrote:

> On 06 May 2016, Duncan Patton a. Campbell wrote:
> 
> > Is there any similar tag to access the addess assigned by dhcp?
> > What other mechanisms exist to update dynamic dns assignments?
> 
> Could ifstated(8) help here? I've separately wondered if I ought to be
> using it to kick pf because it otherwise doesn't realize that 'self'
> includes the address eventually assigned by PPP.
> 
> -- Mark
> 

Yes.  Looking at the man page this might be a way to do what I want.
...just need to sort out the macro language in man ifstated.conf ;^)

Thanks,

Dhu


- -- 
"Je suis Canadien.  Ce n'est pas Francais ou Anglaise.  C'est une
esp`ece de sauvage"

http://babayaga.neotext.ca/PublicKeys/Duncan_Patton_a_Campbell_pubkey.txt

Ne obliviscaris, vix ea nostra voco.
iF4EAREIAAYFAlcsjCwACgkQiY6AzzR1lzzC3QEAhekbOo4bNOTMZ2Z0bSXgFkR/
o30ZMry21Ue0eDlnUmUA/jOMpk4pDBZHXh/NDWVl7TjJfr6TDGftTzsK3N1GyBKV
=a1Z5
-END PGP SIGNATURE-

Re: dhclient.conf and hostname.if

[Duncan Patton a Campbell]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, 6 May 2016 11:56:31 +0100
Raf Czlonka  wrote:

> On Fri, May 06, 2016 at 11:35:47AM BST, Duncan Patton a Campbell
> wrote:
> > 
> > Back when the script tag was removed from dhclient.conf the 
> > functionality to do external commands was ostensibly moved
> > into hostname.if via the
> > 
> > !command mechanism.  
> > 
> > in man hostname.if it says 
> > 
> > "It is worth noting that ``\$if'' in a command
> >  line will be replaced by the interface name" 
> > 
> > Is there any similar tag to access the addess assigned by dhcp?
> > What other mechanisms exist to update dynamic dns assignments?
> 
> Hi Duncan,
> 
> Not sure if I understood you correctly but doesn't
> 
>   send host-name ...
> 

- From my reading of man dhclient.conf 
this will send the local box's hostname to it's dhcp server
and I'm looking to send the local box's just assigned dhcp_ip
to a nameserver using nsupdate.

Thanks

Dhu

> in dhclient.conf(5) do what you want?
> 
> Regards,
> 
> Raf
> 


- -- 
"Je suis Canadien.  Ce n'est pas Francais ou Anglaise.  C'est une
esp`ece de sauvage"

http://babayaga.neotext.ca/PublicKeys/Duncan_Patton_a_Campbell_pubkey.txt

Ne obliviscaris, vix ea nostra voco.
iF4EAREIAAYFAlcsiOUACgkQiY6AzzR1lzzN0AEA0a606QNYiWtTjBMh/keDxbUm
STv6xWmwQ9KmzUIi21IA/309BUahCATDLfNBSOc4AF8frOpDy3ZMhr6qYHzKiLQo
=HWd1
-END PGP SIGNATURE-

Re: dhclient.conf and hostname.if

[Mark Carroll]

On 06 May 2016, Duncan Patton a. Campbell wrote:

> Is there any similar tag to access the addess assigned by dhcp?
> What other mechanisms exist to update dynamic dns assignments?

Could ifstated(8) help here? I've separately wondered if I ought to be
using it to kick pf because it otherwise doesn't realize that 'self'
includes the address eventually assigned by PPP.

-- Mark

Re: SMP implementation

[Martin Pieuchot]

On 05/05/16(Thu) 19:03, Pavan Maddamsetti wrote:
> I have been reading about ongoing improvements to SMP in OpenBSD. My
> understanding is that context switching from userspace to the kernel can be
> hazardous if shared resources are not protected by locking. 

The context switching it not the problem, the problem is that if two
CPUs modify kernel states at the same time corruptions are very likely
to happen.  Why?  Simply because the kernel hasn't been written to be
executed on multiple CPUs simultaneously.

> OpenBSD
> currently has a "giant lock" for safe concurrent access to kernel data
> structures. It will eventually be replaced by finer grained locking in
> order for the kernel to execute on multiple CPUs simultaneously.

Well a "giant lock" prevent concurrent access in order to guarantee data
integrity.

> Has any thought been given to an alternative design where each CPU has its
> own thread scheduler, like DragonFly BSD?

Certainly, people talk a lot!  Now keep in mind that having a different
scheduling class for kernel threads wont prevent kernel threads from
accessing shared data concurrently.

Re: dhclient.conf and hostname.if

[Raf Czlonka]

On Fri, May 06, 2016 at 11:35:47AM BST, Duncan Patton a Campbell wrote:
> 
> Back when the script tag was removed from dhclient.conf the 
> functionality to do external commands was ostensibly moved
> into hostname.if via the
> 
> !command mechanism.  
> 
> in man hostname.if it says 
> 
> "It is worth noting that ``\$if'' in a command
>  line will be replaced by the interface name" 
> 
> Is there any similar tag to access the addess assigned by dhcp?
> What other mechanisms exist to update dynamic dns assignments?

Hi Duncan,

Not sure if I understood you correctly but doesn't

send host-name ...

in dhclient.conf(5) do what you want?

Regards,

Raf

dhclient.conf and hostname.if

[Duncan Patton a Campbell]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256


Back when the script tag was removed from dhclient.conf the 
functionality to do external commands was ostensibly moved
into hostname.if via the

!command mechanism.  

in man hostname.if it says 

"It is worth noting that ``\$if'' in a command
 line will be replaced by the interface name" 

Is there any similar tag to access the addess assigned by dhcp?
What other mechanisms exist to update dynamic dns assignments?

Thanks,

Dhu

- -- 

http://babayaga.neotext.ca/PublicKeys/Duncan_Patton_a_Campbell_pubkey.txt

Ne obliviscaris, vix ea nostra voco.
iF4EAREIAAYFAlcsc4MACgkQiY6AzzR1lzykrQD/eTAfofD79x5CKeGVC33iZKOR
TGNzYAYvkDTH6tYFfE0A/i7bQS3g6Thd3IAMLFkA5wudGAJwi3he0dQuPRhvKcP0
=6eqc
-END PGP SIGNATURE-